Commit 69d4c703 authored by Peter Maydell's avatar Peter Maydell Committed by Riku Voipio
Browse files

linux-user: Fix error handling in target_to_host_semarray() 



Fix two issues in error handling in target_to_host_semarray():
 * don't leak the host_array buffer if lock_user fails
 * return an error if malloc() fails

v2: added missing * -Riku Voipio

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: default avatarRiku Voipio <riku.voipio@linaro.org>
parent fff8c539

linux-user/syscall.c

+6 −1
Original line number Diff line number Diff line
@@ -2430,10 +2430,15 @@ static inline abi_long target_to_host_semarray(int semid, unsigned short **host_ 
    nsems = semid_ds.sem_nsems;



    *host_array = malloc(nsems*sizeof(unsigned short));

    if (!*host_array) {

        return -TARGET_ENOMEM;

    }

    array = lock_user(VERIFY_READ, target_addr,

                      nsems*sizeof(unsigned short), 1);

    if (!array)

    if (!array) {

        free(*host_array);

        return -TARGET_EFAULT;

    }



    for(i=0; i<nsems; i++) {

        __get_user((*host_array)[i], &array[i]);